• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

SOLVED: Simple testing needed: can you see my website?

Started by dsuha, November 14, 2013, 09:40:30 AM

Previous topic - Next topic

dsuha

--deleted as it works now, thank you very much--

Ping6 works fine but haven't found anyone who can reach it.
Naturally i haven't the slightest idea what could be wrong.

cholzhauer

Does not work from my ipv6 enabled phone.  Check your firewall

dsuha

Router firewall  may be the reason, but i need some help ??? checking these:

#ip6tables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all      anywhere             anywhere           rt type:0
ACCEPT     all      anywhere             anywhere           state RELATED,ESTABLISHED
ACCEPT     all      anywhere             anywhere           state NEW
ACCEPT     all      anywhere             anywhere           state NEW
ACCEPT     ipv6-nonxt    anywhere             anywhere           length 40
ACCEPT     all      anywhere             anywhere
ACCEPT     all      anywhere             anywhere
ACCEPT     udp      anywhere             anywhere           udp dpt:546
ACCEPT     ipv6-icmp    anywhere             anywhere           ipv6-icmp destination-unreachable
ACCEPT     ipv6-icmp    anywhere             anywhere           ipv6-icmp packet-too-big
ACCEPT     ipv6-icmp    anywhere             anywhere           ipv6-icmp time-exceeded
ACCEPT     ipv6-icmp    anywhere             anywhere           ipv6-icmp parameter-problem
ACCEPT     ipv6-icmp    anywhere             anywhere           ipv6-icmp echo-request
ACCEPT     ipv6-icmp    anywhere             anywhere           ipv6-icmp echo-reply
ACCEPT     ipv6-icmp    anywhere             anywhere           ipv6-icmp type 130
ACCEPT     ipv6-icmp    anywhere             anywhere           ipv6-icmp type 131
ACCEPT     ipv6-icmp    anywhere             anywhere           ipv6-icmp type 132
ACCEPT     ipv6-icmp    anywhere             anywhere           ipv6-icmp router-solicitation
ACCEPT     ipv6-icmp    anywhere             anywhere           ipv6-icmp router-advertisement
ACCEPT     ipv6-icmp    anywhere             anywhere           ipv6-icmp neighbour-solicitation
ACCEPT     ipv6-icmp    anywhere             anywhere           ipv6-icmp neighbour-advertisement
ACCEPT     ipv6-icmp    anywhere             anywhere           ipv6-icmp type 141
ACCEPT     ipv6-icmp    anywhere             anywhere           ipv6-icmp type 142
ACCEPT     ipv6-icmp    anywhere             anywhere           ipv6-icmp type 143
ACCEPT     ipv6-icmp    anywhere             anywhere           ipv6-icmp type 148
ACCEPT     ipv6-icmp    anywhere             anywhere           ipv6-icmp type 149
ACCEPT     ipv6-icmp    anywhere             anywhere           ipv6-icmp type 151
ACCEPT     ipv6-icmp    anywhere             anywhere           ipv6-icmp type 152
ACCEPT     ipv6-icmp    anywhere             anywhere           ipv6-icmp type 153
DROP       all      anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       all      anywhere             anywhere           state INVALID
ACCEPT     all      anywhere             anywhere           state RELATED,ESTABLISHED
DROP       all      anywhere             anywhere           rt type:0
TCPMSS     tcp      anywhere             anywhere           tcp flags:SYN,RST,ACK/SYN TCPMSS clamp to PMTU
ACCEPT     all      anywhere             anywhere
ACCEPT     all      anywhere             anywhere
ACCEPT     ipv6-nonxt    anywhere             anywhere           length 40
ACCEPT     ipv6-icmp    anywhere             anywhere           ipv6-icmp destination-unreachable
ACCEPT     ipv6-icmp    anywhere             anywhere           ipv6-icmp packet-too-big
ACCEPT     ipv6-icmp    anywhere             anywhere           ipv6-icmp time-exceeded
ACCEPT     ipv6-icmp    anywhere             anywhere           ipv6-icmp parameter-problem
ACCEPT     ipv6-icmp    anywhere             anywhere           ipv6-icmp echo-request
ACCEPT     ipv6-icmp    anywhere             anywhere           ipv6-icmp echo-reply
ACCEPT     all      anywhere             anywhere
DROP       all      anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all      anywhere             anywhere           rt type:0

snarked

#3
Traceroute dies at your tunnel interface:
QuoteFrom www.snarked.org [2001:470:d:4::1:2] to ipv6.suhartati.com
traceroute to ipv6.suhartati.com (2001:470:36:b38:c0ff:ee70:ffee:beef), 30 hops max, 80 byte packets
1  snarked-1.tunnel.tserv15.lax1.ipv6.he.net (2001:470:c:4::1)  6.324 ms  10.968 ms  14.824 ms
2  gige-g4-6.core1.lax1.he.net (2001:470:0:9d::1)  17.942 ms  17.925 ms  17.903 ms
3  10gigabitethernet1-3.core1.lax2.he.net (2001:470:0:72::2)  24.274 ms  24.496 ms  24.646 ms
4  10gigabitethernet3-2.core1.tyo1.he.net (2001:470:0:294::2)  112.473 ms  112.616 ms  112.596 ms
5  10gigabitethernet1-3.core1.sin1.he.net (2001:470:0:26c::2)  191.921 ms  191.982 ms  192.029 ms
6  tserv1.sin1.he.net (2001:470:0:17c::2)  194.709 ms  190.200 ms  187.913 ms
7  dsuha-1-pt.tunnel.tserv25.sin1.ipv6.he.net (2001:470:35:b38::2)  200.696 ms  197.576 ms  197.971 ms
8  * * *
9  * * *
...
Try purging your firewall rules temporarily and see if you become reachable (i.e. no rules and default policy ACCEPT).  If you do become reachable, then it's your firewall.

kasperd

Quote from: dsuha on November 14, 2013, 10:05:32 AM
Router firewall  may be the reason, but i need some help ??? checking these:

#ip6tables -L
The output from that command is not as helpful as it should have been. Look at the output of ip6tables-save instead.

dsuha

#5
Just noticed that rule i had made for port 80 was not there in FORWARD where it should've been.

Now http://ipv6-test.com/validate.php says Congratulations, this website is IPv6 ready !

Edit: Woohoo i can see it working through URL.ipv4.sixxs.org !  ;D Finally.

Seems it needs an ICMP traceroute to be reached. How to make firewall rule for UDP traceroute? Most of the online ipv6 traceroutes seem to use UDP (or something else than ICMP).
Here's one: http://www.4or6.com/traceroute?l=en